Lucene search
GitHub Advisory DatabaseGHSA-92XJ-MQP7-VMCJHistorySep 14, 2020 - 9:42 p.m.
Prototype Pollution in node-forge
2020-09-1421:42:09
CWE-915
CWE-1321
GitHub Advisory Database
github.com
127
0.002 Low
EPSS
Percentile
51.2%
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: version 0.10.0 is a breaking change removing the vulnerable functions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| node-forge | lt | 0.10.0 |
References
github.com/advisories/GHSA-92xj-mqp7-vmcj
github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed
github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756
nvd.nist.gov/vuln/detail/CVE-2020-7720
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293
snyk.io/vuln/SNYK-JS-NODEFORGE-598677
Related
osv
osv
CVE-2020-7720
2020-09-01 10:15:10
Prototype Pollution in node-forge
2020-09-14 21:42:09
Prototype Pollution in node-forge util.setPath API
2022-01-08 00:22:40
ibm
ibm
redhatcve
redhatcve
CVE-2020-7720
2020-09-01 18:18:38
prion
prion
Design/Logic Flaw
2020-09-01 10:15:00
githubexploit
githubexploit
veracode
veracode
Prototype Pollution
2020-09-02 06:31:08
debiancve
debiancve
CVE-2020-7720
2020-09-01 10:15:00
cvelist
cvelist
CVE-2020-7720 Prototype Pollution
2020-09-01 00:00:00
nodejs
nodejs
Prototype Pollution in node-forge
2020-09-30 18:39:48
ubuntucve
ubuntucve
CVE-2020-7720
2020-09-01 00:00:00
github
github
Prototype Pollution in node-forge util.setPath API
2022-01-08 00:22:40
cve
cve
CVE-2020-7720
2020-09-01 10:15:00
redhat
redhat